Ransomware is on the rise. Even so, it’s not a zero-sum game. As the number of crypto-malware variants grows, so too does the level of ransomware awareness among security professionals.

That’s one of the major findings of a survey conducted by Tripwire at Infosecurity Europe 2016, which took place June 7-9 at the Olympia Conference Centre in London.

For its survey, Tripwire asked 400 security professionals to weigh in on the evolving ransomware threat. 93 percent of those surveyed said they expect crypto-malware attacks to continue to escalate, while more than half (56 percent) of respondents identified ransomware as a top concern for their organizations.

That concern begs the question: how can companies protect themselves against ransomware?

To help defend against an infection, organizations can consider implementing email filtering solutions, conducting security awareness training with their employees, and investing in other prevention measures.

But prevention only goes so far. Indeed, according to Travis Smith, senior security research engineer for Tripwire, it’s only half the battle:

“Ransomware delivers a great return on investment, so it’s not surprising that it is expected to be a growing problem for the foreseeable future. While prevention is the goal for every organization, being able to respond to an infection is every bit as important.”

Unfortunately, many organizations aren’t prepared to respond to an infection.

In the absence of a response and recovery plan, security practitioners can’t ensure the restoration of critical data that might have been encrypted. Tripwire found that only 32 percent of respondents to its Infosecurity Europe survey felt “very confident” they could recover business critical data. That finding is consistent with how security personnel responded to another survey conducted by Tripwire at RSA Conference 2016.

Data recovery plans take many different forms, but each and every one of them should begin with a data backup component. Smith elaborates on what companies can do to establish a robust data backup plan:

“Following the 3-2-1 backup rule is a good first step to prepare for a ransomware infection. You will need to have three copies of your data on two different types of media, with at least one of those copies being stored off-site. Organizations should continually test recovery procedures on these backups to keep the cost of restoring data as low as possible. In the end, paying a ransom may be determined by these efficiencies.”

“Following the 3-2-1 backup rule is a good first step to prepare for a ransomware infection. You will need to have three copies of your data on two different types of media, with at least one of those copies being stored off-site. Organizations should continually test recovery procedures on these backups to keep the cost of restoring data as low as possible. In the end, paying a ransom may be determined by these efficiencies.”

The majority of ransomware infections that I have encountered on the job affected a single workstation or department and their file server. While it was possible to recover the file server from backup, nothing could be done about the workstations. In some cases, the user lost critical work stored on the local hard drive.

The idea that any IT department has a 3-2-1 plan for workstation seems challenging. Should workstations (laptops in many places) have externally attached storage?